Greg Wooledge wrote:
> I wrote this after learning of a security hole in $"..." expansion.
> (See http://www.gnu.org/software/gettext/manual/html_node/bash.html
> for details of that.)

It seems to me that the security hole is the possibility of command
substitution, rather than arbitrary word expansions, which are
inconvenient at worst.

Inhibiting all expansions to protect against possibly malicious
translated strings is a rather large stick to use.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer

Chet Ramey, ITS, CWRU    c...@case.edu    http://cnswww.cns.cwru.edu/~chet/
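
The distinction drawn in the message above, as an added example that is not part of the original post: a catalog audit that reports translated strings containing command substitution separately from those containing only other expansions. The function names `sample_po` and `audit_po`, the sample catalog and `placeholder_command` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample catalog in PO syntax (not taken from any real project).
sample_po() {
cat <<'EOF'
msgid ""
msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"

msgid "Hello, $USER"
msgstr "Bonjour, $USER"

msgid "Report ready"
msgstr "Rapport pret $(placeholder_command)"

msgid "Done"
msgstr ""
"Termine `placeholder_command`"

msgid "Cancel"
msgstr "Annuler"
EOF
}

# Read PO text on stdin and print "<line of msgid>: <class>: <msgid>" for
# every entry whose translation would be expanded when used through $"...".
audit_po() {
  awk '
    function report() {
      # Command substitution is the dangerous class; other expansions
      # are reported separately so they can be reviewed at lower priority.
      if (str ~ /\$\(|`/)              print line ": command-substitution: " id
      else if (str ~ /\$[A-Za-z_{]/)   print line ": expansion: " id
      str = ""
    }
    # A new msgid closes the previous entry.
    /^msgid /  { report(); id = $0; sub(/^msgid /, "", id)
                 line = NR; in_str = 0; next }
    # msgstr and plural forms msgstr[N] start the translated text.
    /^msgstr/  { in_str = 1; s = $0
                 sub(/^msgstr(\[[0-9]+\])? /, "", s); str = str s; next }
    # Quoted continuation lines count only while inside a msgstr.
    /^"/       { if (in_str) str = str $0; next }
    END        { report() }
  '
}

sample_po | audit_po
```

An installed binary catalog can be checked the same way by decompiling it first, for example `msgunfmt messages.mo | audit_po`.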

